1. 31 May, 2021 1 commit
  2. 30 May, 2021 1 commit
  3. 24 May, 2021 20 commits
    • Kevin Morris's avatar
      bugfix: relax `next` verification · c5fcf685
      Kevin Morris authored
      
      
      AUR renders its own 404 Not Found page when a bad route
      is encountered. Introducing the previous verification
      caused an error in this case when setting a language
      while viewing the Not Found page. So, instead of checking
      through routes, just make sure that the next parameter
      starts with a '/' character, which removes the possibility
      of any cross attacks.
      
      + Removed aurweb.asgi.routes; no longer needed.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      c5fcf685
    • Leonidas Spyropoulos's avatar
    • Kevin Morris's avatar
      add account (view) route · 57ad3a88
      Kevin Morris authored
      
      
      + Added get /account/{username} route.
      + Added account/show.html template which shows a single use
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      57ad3a88
    • Kevin Morris's avatar
      add account edit (settings) routes · 9a3ee68e
      Kevin Morris authored
      
      
      * Added account_url filter to jinja2 environment. This produces a path
        to the user's account url (/account/{username}).
      * Updated archdev-navbar to link to new edit route.
      + Added migrate_cookies(request, response) to aurweb.util, a function
        that simply migrates the request cookies to response and returns it.
      + Added account_edit tests to test_accounts_routes.py.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      9a3ee68e
    • Kevin Morris's avatar
      add python-lxml to dependencies · 1ed8c1cd
      Kevin Morris authored
      
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      1ed8c1cd
    • Kevin Morris's avatar
      add user registration routes · 04adfd3e
      Kevin Morris authored
      
      
      * Added /register get and post routes.
      + Added default attributes to AnonymousUser, including a new
        AnonymousList which behaves like an sqlalchemy relationship
        list.
      + aurweb.util: Added validation functions for various user fields
        used throughout registration.
      + test_accounts_routes: Added get|post register route tests.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      04adfd3e
    • Kevin Morris's avatar
      add openssh to test dependencies · 3e83b947
      Kevin Morris authored
      
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      3e83b947
    • Kevin Morris's avatar
      add aurweb.captcha, a CAPTCHA utility module · e1b8e79d
      Kevin Morris authored
      
      
      This CAPTCHA workflow is the same workflow used by our current
      PHP implementation of account registration.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      e1b8e79d
    • Kevin Morris's avatar
      add python-email-validator dependency · c4b5d83a
      Kevin Morris authored
      
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      c4b5d83a
    • Kevin Morris's avatar
      aurweb.templates: add make_variable_context · f69eeac1
      Kevin Morris authored
      
      
      A new make_context wrapper which additionally includes either
      query parameters (get) or form data (post) in the context.
      
      Use this to simplify setting context variables for form data
      in particular.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      f69eeac1
    • Kevin Morris's avatar
      add aurweb.time module · 3c2b9f01
      Kevin Morris authored
      
      
      This module includes timezone-based utilities for a FastAPI request.
      This commit introduces use of the AURTZ cookie within get_request_timezone.
      This cookie should be set to the user or session's timezone.
      
      * `make_context` has been modified to parse the request's timezone
        and include the "timezone" and "timezones" variables, along with
        a timezone specified "now" date.
      + Added `Timezone` attribute to aurweb.testing.requests.Request.user.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      3c2b9f01
    • Kevin Morris's avatar
      aurweb.auth: add user credentials and matcher functions · 6ea526e2
      Kevin Morris authored
      
      
      This clones the behavior already present in the PHP implementation,
      but it uses a global dict with credential constant keys to
      validation functions to determine if a given user has a credential.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      6ea526e2
    • Kevin Morris's avatar
      add SSHPubKey ORM model · 36923528
      Kevin Morris authored
      
      
      Includes `aurweb.models.ssh_pub_key.get_fingerprint(pubkey)` helper.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      36923528
    • Kevin Morris's avatar
      add authenticated User LangPreference tracking · 5bbee4ed
      Kevin Morris authored
      
      
      + Use User.LangPreference when there is no set AURSID
        if request.user.is_authenticated is true.
      + Updated post /language to update LangPreference when
        request.user.is_authenticated.
      + Restore language during test where we change it.
      + Added the user attribute to aurweb.testing.requests.Request.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      5bbee4ed
    • Kevin Morris's avatar
      add passreset routes · 5c7cadcf
      Kevin Morris authored
      
      
      Introduced `get|post` `/passreset` routes. These routes mimic the
      behavior of the existing PHP implementation, with the exception of
      HTTP status code returns.
      
      Routes added:
          GET /passreset
          POST /passreset
      
      Routers added:
          aurweb.routers.accounts
      
      * On an unknown user or mismatched resetkey (where resetkey must ==
        user.resetkey), return HTTP status NOT_FOUND (404).
      * On another error in the request, return HTTP status BAD_REQUEST (400).
      
      Both `get|post` routes requires that the current user is **not**
      authenticated, hence `@auth_required(False, redirect="/")`.
      
      + Added auth_required decorator to aurweb.auth.
      + Added some more utility to aurweb.models.user.User.
      + Added `partials/error.html` template.
      + Added `passreset.html` template.
      + Added aurweb.db.ConnectionExecutor functor for paramstyle logic.
        Decoupling the executor logic from the database connection logic
        is needed for us to easily use the same logic with a fastapi
        database session, when we need to use aurweb.scripts modules.
      
      At this point, notification configuration is now required to complete
      tests involved with notifications properly, like passreset.
      `conf/config.dev` has been modified to include [notifications] sendmail,
      sender and reply-to overrides. Dockerfile and .gitlab-ci.yml have been
      updated to setup /etc/hosts and start postfix before running tests.
      
      * setup.cfg: ignore E741, C901 in aurweb.routers.accounts
      
      These two warnings (shown in the commit) are not dangerous and a bi-product
      of maintaining compatibility with our current code flow.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      5c7cadcf
    • Kevin Morris's avatar
      add the request parameter to render_template · 45d270f3
      Kevin Morris authored
      
      
      This allows us to inspect things about the request we're rendering from.
      
      * Use render_template(request, ...) in aurweb.routers.auth
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      45d270f3
    • Kevin Morris's avatar
      implement login + logout routes and templates · f7b8ba68
      Kevin Morris authored
      
      
      + Added route: GET `/login` via `aurweb.routers.auth.login_get`
      + Added route: POST `/login` via `aurweb.routers.auth.login_post`
      + Added route: GET `/logout` via `aurweb.routers.auth.logout`
      + Added route: POST `/logout` via `aurweb.routers.auth.logout_post`
      * Modify archdev-navbar.html template to toggle displays on auth state
      + Added login.html template
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      f7b8ba68
    • Kevin Morris's avatar
      add aurweb.auth and authentication to User · 2ffa4c9f
      Kevin Morris authored
      
      
      + Added aurweb.auth.AnonymousUser
          * An instance of this model is returned as the request user
            when the request is not authenticated
      + Added aurweb.auth.BasicAuthBackend
      + Add starlette's AuthenticationMiddleware to app middleware,
        which uses our BasicAuthBackend facility
      + Added User.is_authenticated()
      + Added User.authenticate(password)
      + Added User.login(request, password)
      + Added User.logout(request)
      + Added repr(User(...)) representation
      + Added aurweb.auth.auth_required decorator.
      
      This change uses the same AURSID logic in the PHP implementation.
      
      Additionally, introduce a few helpers for authentication,
      one of which being `User.update_password(password, rounds = 12)`
      where `rounds` is a configurable number of salt rounds.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      2ffa4c9f
    • Kevin Morris's avatar
      add python-bcrypt dependency · b4ffdcdd
      Kevin Morris authored
      
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      b4ffdcdd
    • Kevin Morris's avatar
      add aurweb.models.session.Session ORM database object · 35b14815
      Kevin Morris authored
      
      
      + Added aurweb.util module.
          - Added make_random_string function.
      + Added aurweb.db.make_random_value function.
          - Takes a model and a column and introspects them to figure out the
            proper column length to create a random string for; then creates
            a unique string for that column.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      35b14815
  4. 20 May, 2021 3 commits
    • Kevin Morris's avatar
      add aurweb.models.ban.Ban ORM mapping · 8f18f848
      Kevin Morris authored
      
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      8f18f848
    • Kevin Morris's avatar
      aurweb.db: add query, create, delete helpers · b8e636b4
      Kevin Morris authored
      
      
      Takes sqlalchemy kwargs or stanzas:
      
      query(Model, Model.Column == value)
      query(Model, and_(Model.Column == value, Model.Column != "BAD!"))
      
      Updated tests to reflect the new utility and a comment about upcoming
      function deprecation is added to get_account_type().
      
      From here on, phase out the use of get_account_type().
      
      + aurweb.db: Added create utility function
      + aurweb.db: Added delete utility function
      
      The `delete` function can be used to delete a record by search
      kwargs directly.
      
      Example:
          delete(User, User.ID == 6)
      
      All three functions added in this commit are typically useful to
      perform these operations without having to import aurweb.db.session.
      Removes a bit of redundancy overall.
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      b8e636b4
    • Kevin Morris's avatar
      move aurweb.testing to its own package · 2831bf83
      Kevin Morris authored
      
      
      + Added aurweb.testing.setup_test_db(*tables)
      + Added aurweb.testing.models.make_user(**kwargs)
      + Added aurweb.testing.models.make_session(**kwargs)
      + Added aurweb.testing.requests.Client
      + Added aurweb.testing.requests.Request
      * Updated test_l10n.py to use our new Request
      Signed-off-by: Kevin Morris's avatarKevin Morris <kevr@0cost.org>
      2831bf83
  5. 18 May, 2021 12 commits
  6. 17 May, 2021 1 commit
  7. 16 May, 2021 1 commit
  8. 14 May, 2021 1 commit
    • Marcus Andersson's avatar
      Adding route tests · 06c3626b
      Marcus Andersson authored and Kevin Morris's avatar Kevin Morris committed
      Removing status code from 404 title
      
      Removing status code from 503 title
      
      Adding id to 503 error box
      
      Indatation fix
      06c3626b